"Researchers at Malwarebytes Labs discovered a malicious website that closely mimics Google's official account security check and guides victims through a four-step process that appears legitimate. Instead of protecting accounts, the fake tool quietly collects sensitive information that attackers can later use to break into Gmail and other Google services."
"'When installed as a PWA (Progressive Web App), the browser address bar disappears,' Malwarebytes researchers explained in a blog post. 'The victim sees what looks and feels like a native Google app.' Security analysts warn that the malicious tool can also intercept one-time verification codes used for two-factor authentication, which are often required to log into Gmail accounts."
"In some cases, the attack may also install additional software capable of recording keystrokes, potentially capturing usernames, passwords and other sensitive information typed on the device. 'Once connected, the attacker can route arbitrary web requests through the victim's browser as if they were browsing from the victim's own network,' Malwarebytes researchers said."
"'If you receive an unexpected 'security alert' asking you to install software, enable notifications, or share contacts, close the page,' the team shared. 'Legitimate account security tools are accessed directly through your Google Account.' They also noted that Google does not conduct security checkups through unsolicited pop-up pages."
Cybersecurity researchers discovered a fraudulent website impersonating Google's account security check that deceives users into installing malicious software. Attackers distribute the scam through phishing emails, text messages, and pop-ups claiming urgent security verification is needed. The fake tool, installable as a Progressive Web App, hides the browser address bar to appear as a legitimate Google application. Once installed, it harvests sensitive data including contacts, GPS location, clipboard information, and intercepts two-factor authentication codes. The malware can also record keystrokes to capture passwords and usernames. Attackers subsequently gain unauthorized access to Gmail and other Google services. Google does not conduct security checkups through unsolicited pop-ups, and users should close unexpected security alerts requesting software installation or data sharing.
#gmail-phishing-scam #malicious-pwa #credential-theft #two-factor-authentication-bypass #cybersecurity-threat
Read at Mail Online
Unable to calculate read time
Collection
[
|
...
]